Battle over botnets nearly lost

Hi malware fighters,

Networks of zombie-computers that are sending out mass spam-mail and are being used to deliver Denial of Service attacks are almost becoming unstoppable… “The threat of botnets has been known for a couple of years now, but only recently we know how they really work. I am afraid we are two years or more behind towards response mechanisms”, says SRI International’s Marcus Sachs. SRI is a non-profit research centre.

The fight against zombies is fought by volunteers that try to find the botnet “command-and-control” infrastructure and cooperate with ISPs and the law to close them down. Botnet hunters are in despair, because all their efforts do not pay off. “When we close down one command-and-control server, the botnet is already found on another host. We are not hurting them anymore”, botnet hunter Gadi Evron says.

According to Evron there is an information war going on, where the botnet ‘owners’ are getting more and more ahead of the botnet hunters, who lag behind. They use compromised systems for hosting DNS servers. In this way the botnet owner can change IP-addresses, without changing a DNS record or hosting.

It is like a game of cat and mouse.

polonus

Yes, it sure is a vicious circle.